Email Compromise Costs $131,902 Per Person


The Internet Crime Complaint Center says email compromise cost people and companies over $5.3 billion over the last three years. If every person in Arlington, TX, lost $13,501, the total would be roughly equivalent. Arlington is a town of 392,772 people according to the latest census data.

Email compromise is a sophisticated scam that plays on trust in organizations. The scam relies on the trust placed in key individuals in a company and the helpfulness of people in general. There are four basic styles of email compromise, all of which end in someone sending a wire transfer to an account controlled by the scammer: the fake executive email, the fake vendor invoice, the fake employee email, and the fake lawyer email.

In the fake executive email version of a business email compromise scam, the email of an executive is faked and a wire request is sent out through the faked email. The email can be faked by compromising the executive's mailbox, so that the real account sends the message even though the executive did not write it. The email can be faked by buying a website address similar to the company's website and creating a new email address similar to the executive's. For instance, instead of The email can also be faked by spoofing, a technique that forges the headers of an email so that it appears to come from a legitimate source.
In the fake vendor invoice version of a business email compromise scam, an invoice that looks like a legitimate vendor invoice requests payment to a new wire account. The fake invoice is sent to a payables clerk who may have processed wire requests in the past. The fake invoice may also be sent to the person responsible for maintaining vendor information with a note to update the payment information. In this case, the payment information could be updated for all of the vendor's invoices, and the scammer will receive payment each time the real vendor is supposed to be paid.
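The look-alike domains and forged headers described above can be screened for before a wire request reaches a payables clerk. The following is an added example, not code from the original article or from McCann; it assumes a constructed company domain (example-corp.com) and a constructed list of executive names, and flags senders whose domain is within a couple of character changes of the real one or whose display name borrows an executive's name while the address is not on the company domain.

```python
from email.utils import parseaddr

# Assumption: the legitimate domain of the targeted company (constructed example).
COMPANY_DOMAIN = "example-corp.com"

# Character sequences a scammer may use so a registered label reads like the real one.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}

def normalize(label: str) -> str:
    """Replace common look-alike characters with the letters they imitate."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, company_domain: str = COMPANY_DOMAIN) -> str:
    """Classify a From: header value as 'internal', 'lookalike' or 'external'."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "external"
    if domain == company_domain or domain.endswith("." + company_domain):
        return "internal"
    label = normalize(domain.rpartition(".")[0])
    real_label = normalize(company_domain.rpartition(".")[0])
    # Same name under another TLD, or within two edits of the real name.
    if label == real_label or edit_distance(label, real_label) <= 2:
        return "lookalike"
    return "external"

def flag_wire_request(from_header: str, executives: list,
                      company_domain: str = COMPANY_DOMAIN) -> tuple:
    """Return (sender class, True if the display name borrows an executive's name
    while the address is not on the company domain, an impersonation indicator)."""
    name, _ = parseaddr(from_header)
    verdict = classify_sender(from_header, company_domain)
    borrowed = any(e.lower() in name.lower() for e in executives)
    return verdict, borrowed and verdict != "internal"
```

A "lookalike" or impersonation hit is a reason to route the request into the manual verification steps, not proof of fraud on its own.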

In each of these cases, the email requests a wire transfer and may convey some sense of urgency. Often, the scammers time their scam to run near the close of business. The wire request may be phrased to look like the executive needs the money sent to a third party or to him- or herself. The tactic changes depending on your standard business practices. An email compromise scam is planned in advance so that the scammers can incorporate the methods most used in your normal course of business.

In the fake employee email version of a business email compromise scam, the email of an employee is faked. Either the personal or business email account can be compromised and is used to send out requests for invoice payments. The receiving account is the fraudster's account instead of the company's account. Organizations that are victims of this fraud do not usually become aware that they have been victimized until a vendor calls to follow up on an invoice that has already been paid but for which the vendor is still being billed. This happens as a result of the scammer being paid instead of the company.
The fake lawyer email version takes the sense of urgency one step further and usually includes claims of a confidential matter that is time-sensitive to convince the victim to act quickly. Victims are pressured to be discreet and may be requested to expedite the wire transfer.

“I’m smart. I will recognize a fake.” No. You won't.

Email compromise scams are planned attacks that involve elements of social engineering and are usually preceded by phishing emails that request limited, seemingly harmless, information. In some cases, incidents of data theft, ransomware, or malware occur just before an email compromise scam. This reconnaissance lets the scammers closely mimic a legitimate business email and your typical business practices. When a cyber incident occurs in an organization, be wary of wire requests or changes to payment information that closely follow. Be vigilant in your verification process.

“Our IT guy has set stuff up to prevent this.” No. He hasn't.

These business email compromise scams rely upon poor business practices and trust in an organization. The scam email does not look any different from a legitimate email because the fraudster has been monitoring your emails. There is a sense of urgency, and the fraudsters rely upon your natural disposition to be helpful. The scam invoice does not look any different from a legitimate invoice because your typical invoices have been monitored by the fraudster. The invoice numbering may even be in order. Do not be helpful when help is requested by phone or email. Verify the request using external contact information.


Initiate a three-step verification process for all wire transfers and changes to wire payment information. The following are some suggested steps to avoid becoming the victim of an email compromise scam.

1 – Log the Initial Request. Log the initial request for a wire transfer or a change to wire payment info. Ask the requestor for his or her full name, department, company address, and company phone number. Note the time and the caller ID if the request is being made by phone. If the request is an email, save a copy of the email by printing it to a PDF. Do not click links in any email.

The more local an email appears to be, the more apt you are to click on a link. Phishing scams styled to look like your local post office get a click-through rate of over 70%; that's a rate most email marketers only dream about.

2 – Call the Person Making the Request. Pick up the actual phone and call the vendor or executive who appears to be making the request. The number must be obtained from a source OTHER THAN the email request. Verify that the vendor or executive is actually making the request for a wire or for a change to payment information. Log the time of the phone call, the name of the verifying person, the phone number called, and the source of the phone number.

3 – Call a Second Person. Call someone else at the company to verify that a wire transfer has been requested or that a change in the company's payment information is necessary. Require this second verification call before any wire is sent or any change is made.

Business email compromise scams and email account compromise scams (BEC/EAC) are planned attacks. The scammers rely on poor controls and trust in an organization. Do not allow appeals to urgency, confidentiality, or helpfulness to alter your business practices for verifying a wire transfer request or a change to payment information.

If you have been the victim of an email compromise scam, call McCann Investigations at (800) 713-7670. We will provide a free consultation and outline the steps you and your response team need to take to gather and maintain the evidence you need to pursue litigation or an insurance claim. We can also explain the critical role of a licensed investigator in performing the forensic investigation and providing an objective opinion on the origin and scope of the compromise scam.

Contact Dorothy Filippov, Certified Fraud Examiner, at McCann Cyber: (346) 400-6554.

